REMOTE COMPUTER SYSTEM MANAGEMENT THROUGH AN FTP INTERNET CONNECTION

FIELD OF THE INVENTION

The present invention relates to a method for providing remote computer 
system management through an FTP Internet connection. 

BACKGROUND OF THE INVENTION 

The Internet is a general purpose, public, global computer network which
allows computers hooked into the Internet to communicate and exchange digital
data with other computers also on the Internet. Once a computer is coupled to
the Internet, a wide variety of options become available. Some of the myriad
functions possible over the Internet include sending and receiving electronic
mail (e-mail) messages, logging into and participating in live discussions,
playing games in real-time, viewing pictures, watching streaming video,
listening to music, going shopping on-line, browsing different web sites,
downloading and/or uploading files, etc.

The most popular way of participating in the Internet involves a
client/server arrangement. Basically, a server computer provides a service and
acts as a host to any number of client computers wishing to avail themselves of
that service. For instance, a user may wish to send an e-mail message to a
friend. The user first logs his or her client computer, such as a personal
computer (PC), on the Internet through a standard telephone modem, cable modem,
digital subscriber line (DSL), etc. The user then composes the e-mail message on
the client computer which then contacts and transmits the message over the
Internet to a designated e-mail server computer. Subsequently, when the
recipient checks for any new e-mail messages, the recipient's client computer
will contact the e-mail server. The e-mail server will then proceed to send the
new e-mail message to the recipient's client computer, again over the Internet.
In many cases, a server simply contains content information (e.g., web pages
displaying text and/or pictures, real-time stock quotes, etc.). A huge number of
clients can access this content information via the Internet.

Referring to Figure 1, a typical Internet client/server arrangement is
shown. In this example, four clients 101-104 and two servers 105-106 are shown
coupled to Internet 107. In general, clients 101-104 are personal computers
(PCs), whereas servers 105-106 are more powerful computers with greater
hardware, software, and connection resources. Any of the clients 101-104 can
transmit and receive data to/from any of the servers 105-106 via Internet 107.
Moreover, a single server can handle multiple client requests at the same time.
Expanding upon this client/server arrangement, millions upon millions of client
and server computers around the world are coupled to the vast Internet and are
exchanging information at any given time.

Presently, there are two major protocols used to establish and facilitate
data transmissions between clients and servers. These protocols specify a set of
technical rules by which client and server programs can communicate with one
another. The first protocol is commonly referred to by its acronym, HTTP
(Hypertext Transfer Protocol). HTTP is used to transfer data between servers
and clients via a browser program (e.g., Navigator or Explorer) over a part of
the Internet known as the World Wide Web or "the Web." HTTP enables a user to
simply place a cursor on a displayed hypertext link and click on it. This
automatically takes the user to the appropriate web page, to other desired
information, or to another resource located on the same or different server on
the Internet.

The other widely adopted protocol is known as FTP (File Transfer
Protocol). FTP enables users to readily transfer files between computers over
the Internet. A file is a collection of data (e.g., e-mail messages, web pages,
pictures, documents, computer programs, etc.) which is stored under a given
name. FTP allows a client computer to download designated files from a server
and also to upload files to a server. For example, a user can design and create
a web site on a local client computer, store the web pages in one or more files,
and then upload these files via FTP to a web server over the Internet. These
files are stored on the server and potentially anyone can now access that web
page over the Internet. Thereby, FTP servers enable the distribution of software
programs and other files over the Internet.

Although HTTP and FTP confer great flexibility, ease of use, and
functionality to users, there are several associated drawbacks which must still
be addressed. One major headache and expense involves the administration,
management, and general maintenance of the servers. Ideally, the files or
content stored on the servers should be secured against unauthorized users.
Furthermore, whereas some users are granted permission to access the content,
they should be prevented from accidentally or intentionally corrupting or
otherwise altering the content stored on the servers. At the same time,
legitimate owners of the content should be given permission to update or change
their content as needed. It is a rather difficult task to monitor and enforce
this delicate balance, especially in light of unauthorized users who attempt to
crack or hack their way into secure servers. Moreover, in order to leverage the
power of most server systems, a single server is often used to support an
environment whereby multiple, independent file systems exist. In effect, many
different users can share a single server. This necessarily entails setting up
multiple accounts, one account per user. Creating multiple accounts opens up the
server system to more potential abuses by unauthorized persons.

On the one hand, server systems administrators want to grant legitimate
users the ability to perform certain useful commands for administering their
own virtual file systems within the server. Otherwise, the administrators
themselves are faced with the overwhelming workload of having to manually
and directly perform a myriad of trivial tasks for legitimate users who wish to
deploy content and applications onto these servers. But on the other hand,
server systems administrators would like to deny direct operating-system level
access to remote clients in order to minimize security risks and to also
minimize security administration overhead.

Another related problem pertains to the fact that HTTP and FTP were
designed to meet different needs. As such, these two protocols are used
independently. However, with the explosion of e-commerce over the Internet, it
is becoming ever more prevalent for users to utilize both protocols. For
instance, rather than selling software through traditional shrink wrap packages
at stores, it is becoming more cost efficient to purchase and sell software over
the Internet. A customer can use a search engine to find the various sites which
are offering the software product for sale. The customer can readily access
these sites via HTTP to shop for the best bargain. The customer can then place
an order over the Internet via HTTP. After verifying payment, the software
program is then downloaded from the server to the buyer's client computer via an
FTP file transfer. For the casual computer user, it may be a bit too daunting to
master proficiency in both HTTP and FTP required to complete an e-commerce
transaction. Furthermore, traditional businesses may have a difficult time
finding the HTTP and FTP expertise necessary for transitioning into a more
competitive e-commerce offering.

Thus, there is a need in the prior art for a method which removes some of
the administrative burden of managing servers. There also exists a need in the
prior art for improving the integrity of server systems. It would also be
preferable if such a method could also somehow simplify the HTTP/FTP process
inherent in e-commerce transactions. The present invention proposes a unique,
novel, and elegant solution which satisfies all the above needs.



SUMMARY OF THE INVENTION

The present invention pertains to a method for remote computer systems
management through an FTP Internet connection. In one embodiment, a user
operating on a remote client issues requests to the host server. These requests
are first sent to an FTP server which enforces security measures. Upon
authentication, the FTP server issues appropriate commands and then passes
these commands on to the operating system of the host server through an FTP
transfer. The commands perform standard features of the operating system
which are not normally allowable by traditional FTP. Responses are sent back
through the FTP server to the original requestor's remote client computer. Error
handling, security features, and/or access controls optionally reside on top of
this command-and-control request and response mechanism. Furthermore, a log
file can be created to record the transactions made during each session.

In another embodiment of the present invention, a web-based
management application is designed to provide an intuitive, user-friendly
graphical user interface to be operated in conjunction with a web browser on the
local client computer. The user submits requests through this web control panel
to initiate operations to be executed on the remote operating system of the host
server. These HTTP web requests are initially transmitted to a web server which
processes the HTTP requests and then submits the requests to the FTP server by
establishing an IP connection. The FTP server handles the requests as described
in the above embodiment. Likewise, responses sent back through the FTP server
are passed on to the web server and reported to the user through HTML over
HTTP to the original user's web browser for display.

In yet another embodiment, by virtue of using FTP as the connection to
the remote server, the present invention can be used in conjunction with remote
distribution services which rely on FTP as their upload/download processes.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of
limitation, in the figures of the accompanying drawings and in which like
reference numerals refer to similar elements and in which:

Figure 1 shows a typical Internet client/server system.

Figure 2 shows an exemplary block diagram describing the operation
of the currently preferred embodiment of the present invention.

Figure 3 shows a block diagram of an exemplary set of hardware
which can be used to implement the present invention.

Figure 4 shows a diagram of a set of exemplary software blocks for
practicing the present invention.

Figure 5 shows a flowchart depicting the steps of one way in which the
present invention may be used.

DETAILED DESCRIPTION

A method for remote computer systems management through an FTP 
Internet connection is described. In the following description, for purposes of 
explanation, numerous specific details are set forth in order to provide a 
thorough understanding of the present invention. It will be obvious, however, to 
one skilled in the art that the present invention may be practiced without these 
specific details. In other instances, well-known structures and devices are shown 
in block diagram form in order to avoid obscuring the present invention. 



In the currently preferred embodiment of the present invention, a user can
submit requests to administer a remote computer system through a World Wide
Web browser. Figure 2 shows an exemplary block diagram describing the
operation of the currently preferred embodiment of the present invention. A
Web-based management application is operated by a user with a Web browser
201 on the user's local computer system 202. The user can issue requests to
perform certain administrative tasks on a remote computer system 205 by
entering the requests through Web browser 201. By utilizing a web browser, a
user can administer any remote system (e.g., a UNIX server) from any
web-enabled platform or operating system, without requiring that the user have
direct access to, or knowledge of, the remote system or its obscure software
scheme, hardware configuration, or architecture. These requests are sent over
Internet 203 as HTTP to a Web server computer system 204. Web server computer
system 204 processes the requests and submits corresponding commands to the
remote computer system 205 through FTP over the Internet 203. These commands are
accepted and authenticated by the remote computer system 205 and then
executed by its operating system (O/S). The remote computer operating
system can be any form of operating system, including embedded operating
systems (e.g., Cisco IOS) or a general purpose operating system (e.g., UNIX, NT,
LINUX, Solaris, etc.). The commands initiate standard functions of the operating
system which are not normally available through traditional FTP. Some
exemplary commands include, but are not limited to, file and directory creation,
change and edit files, remove files, Unix file mode, user and group ownership
changes (for security/access permissions), and other standard system-level
commands. Responses from remote computer system 205 are sent to the Web
server computer system 204 as FTP over Internet 203. Web server computer
system 204 forwards the responses back to the local computer system 202 as
HTTP over Internet 203. The responses are displayed as HTML (Hypertext
Markup Language) on Web browser 201. Error handling, security, and access
controls can optionally be placed on top of the command-and-control
request/response mechanism described above.

Furthermore, it should be noted that a direct connection can be established
between any of the computer systems rather than an I/P (Internet Protocol)
connection via the Internet. It should also be noted that the present invention
is not limited to solely administering a remote computer system per se. Any type
of computing, telecommunications, processing, or electronic device may be
managed in this fashion. Some examples include concentrators, switches,
routers, generators, etc. Basically, anything which runs software can be
administered according to the present invention.

Figure 3 shows a block diagram of an exemplary set of hardware which
can be used to implement the present invention. A client computer 301 can be a
personal computer (PC), portable computer, or some type of desktop computer.
The client computer 301 issues HTTP requests to a Web server 302. Web server
302 processes the HTTP requests from client computer 301 and issues FTP
commands to an FTP server 303. The FTP server 303 verifies and then forwards
these FTP commands to the host server system 304. The operating system of the
host server system acts upon these commands and typically sends an FTP response
back to the FTP server 303. The FTP server forwards the response to the Web
server 302 which converts the FTP response into an HTTP response before
forwarding it on to client computer 301. The Web server 302, FTP server 303, and
Host server 304 can be one or more powerful PCs, workstations, server
computers, mainframes, etc. Coupled to the host server system is a mass storage
device 305 (e.g., disk array) for storing files, Web sites, documents, programs,
and other types of data.

Figure 4 shows a diagram of a set of exemplary software blocks for
practicing the present invention. A control panel 401 is useful to provide an
easy-to-use graphical user interface (GUI) for aiding a user to enter requests to
administer the remote computer system and understand any responses or
acknowledgments returned from the remote computer system. The control panel
can work as part of or communicate with a web browser 402 via HTML. By
implementing a control panel or equivalent GUI, a user can make selections for
what are normally command line interface systems administration calls from a
web-based GUI. Web browser 402 transmits the requests as HTML to be processed by
web applications 403. The requests are then translated into FTP commands
recognizable by FTP applications 404. The FTP commands effect changes to be
executed by the operating system and/or applications 405 residing on the
host server. Some of the commands may effect the creation, deletion, edit, or
access of the files and data via database applications 406.

Thereby, with the present invention, certain designated on-the-box system
administration privileges are extended to users and content providers operating
on client computers. This grants end users the ability to perform nearly all of
the administrative tasks requisite to establishing, running, and managing a file
system on the remote server system. Consequently, this administrative overhead
is removed from the party responsible for managing the remote server system. A
trusted central server can be more easily allowed to log in to perform the
common operating system functions. At the same time, security is not
compromised because the end users are denied operating system level log-ins.
By limiting the number of O/S level accounts, the security risks are
correspondingly reduced. Rather than setting up an account for each user on the
server, assigning a user name and password for each account, having the users
Telnet into the remote system, and then granting O/S level control to the users,
the present invention has only one generic entry per server. This generic entry
is assigned to multiple users, and these users do not even get a password.
Essentially, a generic "virtual" user takes actions on behalf of all the real
users. Turning off the other IP services and ports allows greater security
administration to the box or allows the remote service to be more easily
deployed through firewalls, as controls to the server are carried across the
same IP port as the content upload. Moreover, security can be administered from
the central server system, allowing the user to potentially manage multiple
remote servers from a central web-based control point. In addition, server
administration managed at the central site means that remote systems do not
require user account-level administration or security permissions to be
established.

Figure 5 shows a flowchart depicting the steps of one way in which the
present invention may be used. First, a user logs in through his or her local
client computer system's control panel, step 501. Note that users can be granted
access controls to the Web-based central server separately. The HTTP log-in
request is sent to a web browser which acts as an entitlement hook into an FTP
server. The FTP server communicates with the UNIX database manager (DBM) or LDAP
to determine whether that particular user is authorized to proceed, step 502. If
the user is not authorized, a message is sent back to the user for display on
the client computer and authorization is denied, step 503. If the user is
legitimate, the log-in is accepted. Note that in either case, there is no TELNET
or O/S level log-in. Next, the privilege level granted to the user is
established in step 504. Once the privilege is established, a message is sent to
the user informing the user that he or she is authorized to proceed, step 505.
Thereupon, the user can initiate certain commands by entering them via the
control panel, step 506. These commands are accepted through the FTP server and
a security check is performed on the commands, step 507. If the user does not
have the requisite privilege level for that particular command, a notification
is sent to the user and the command is prevented from completing, step 508.
Otherwise, the FTP command is executed, step 509. It should be noted that using
FTP as the connection to the remote system also means that even systems (e.g.,
servers) without Web-based (HTTP) or TELNET-based access can be administered
using this system. Furthermore, by offering HTTP and FTP capabilities, the
present invention confers extensibility to legacy systems.

Optionally, a log can be created to store all the transactions made during
that session by creating a session log entry, step 510. Thereby, the system
administrator has the ability to play back the log to undo certain transactions
and basically rebuild the file system. This audit trail gives the system
administrator a powerful management tool. Another optional step 511 entails
using a single command line transaction to script the FTP server to prepare the
server system for the upload of content and then proceed with the actual
uploading of the content onto the remote server system, in both pre- and
post-processing modes. The user can post commands to the web control panel which
causes an HTTP web server to drive a script which, in turn, drives the FTP
server. Thereby, with this embodiment, using FTP as the connection to the remote
server means this can be used in conjunction with remote distribution services
which rely on FTP as their upload process. Likewise, one or more scripts can be
used to command the server to download files, software, data, etc., to another
computer system. For example, a single script can be used to command the server
to download a software program to a customer's computer system over the
Internet. This same script can be used to also perform the actual FTP file
download. Another example would be to use a script to update, patch, or
configure software running on another system (e.g., a router, telecommunication
equipment, etc.). The update, patch, or configuration can be performed by
someone remotely over the Internet rather than doing it on-site with
shrink-wrapped, pre-packaged software. Consequently, tasks such as uploading,
downloading, file posting, and directory administration can be scripted and
controlled from a common central server command point. Furthermore, controls can
be intermessaged with file-based upload content delivery.
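
The Figure 5 flow (authorization in step 502, privilege level in step 504, the per-command security check of steps 507 to 509, and the session log of step 510) can be expressed as the following gateway logic. This is an added example, not code from the patent: the user table, command names, privilege levels and paths are hypothetical, and the confinement of each path to a per-user virtual root is an assumption added because one generic "virtual" user acts for every real user.

```python
import posixpath
import re
from dataclasses import dataclass, field

# Constructed stand-in for the DBM/LDAP lookup of step 502 (hypothetical users).
USERS = {
    "alice": {"level": 2, "root": "/sites/alice"},
    "bob": {"level": 1, "root": "/sites/bob"},
}

# Hypothetical command names with the minimum privilege level each requires.
REQUIRED_LEVEL = {"LIST": 1, "MKDIR": 1, "DELETE": 2, "CHMOD": 2}


@dataclass
class Session:
    user: str
    level: int
    root: str
    log: list = field(default_factory=list)  # step 510: per-session audit trail


def login(user):
    """Steps 502-505: return a Session with its privilege level, or None if denied.

    Assumes the web tier has already authenticated the caller.
    """
    entry = USERS.get(user)
    if entry is None:
        return None
    return Session(user, entry["level"], entry["root"])


def confine(root, path):
    """Resolve a client-supplied path inside the user's virtual root."""
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    full = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        raise PermissionError("path escapes virtual root")
    return full


def handle(session, command, path, arg=None):
    """Steps 506-510: security-check one command and log the decision.

    Returns ("ok", resolved_path) when the command may be passed on to the
    operating system, otherwise ("denied", reason). Nothing is executed here.
    """
    need = REQUIRED_LEVEL.get(command)
    if need is None:
        outcome = ("denied", "unknown command")
    elif session.level < need:
        outcome = ("denied", "insufficient privilege")
    else:
        try:
            target = confine(session.root, path)
            if command == "CHMOD" and not re.fullmatch(r"[0-7]{3}", arg or ""):
                raise ValueError("mode must be three octal digits")
            outcome = ("ok", target)
        except (PermissionError, ValueError) as exc:
            outcome = ("denied", str(exc))
    # Denied requests are logged too, so the audit trail shows every attempt.
    session.log.append((session.user, command, path, outcome[0]))
    return outcome


if __name__ == "__main__":
    s = login("bob")
    for cmd, path in [("MKDIR", "img"), ("DELETE", "img"), ("MKDIR", "../alice/x")]:
        print(cmd, path, handle(s, cmd, path))
    print(s.log)
```

Because every real user shares one operating-system identity in this design, the privilege table and the path confinement are the only boundary between tenants, which is why unknown commands and traversal attempts are denied and recorded rather than passed through.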

Figure 6 shows an exemplary computer system upon which the present
invention may be practiced. System 601 can include any computer-controlled
graphics system for generating complex or three-dimensional images.
Computer system 601 comprises a bus or other communication means 606 for
communicating information, and a processing means 602 coupled with bus 606
for processing information. System 601 further comprises a random access
memory (RAM) or other dynamic storage device 604 (referred to as main
memory), coupled to bus 606 for storing information and instructions to be
executed by processor 602. Main memory 604 also may be used for storing
temporary variables or other intermediate information during execution of
instructions by processor 602. Data storage device 605 is coupled to bus 606 for
storing information and instructions. Furthermore, an I/O device 610 is used
to couple the computer system 601 onto a network.

Computer system 601 can also be coupled via bus 606 to an
alphanumeric input device 608, including alphanumeric and other keys, for
communicating information and command selections to processor 602. Another type
of user input device is cursor control 609, such as a mouse, a trackball, or
cursor direction keys for communicating direction information and command
selections to processor 602 and for controlling cursor movement on display 607.
This input device typically has two degrees of freedom in two axes, a first axis
(e.g., x) and a second axis (e.g., y), which allows the device to specify
positions in a plane. It should be noted that the present invention may be
implemented as a computer program running on a computer system 601.
Alternatively, the present invention may be embodied as a computer program
stored on a computer-readable medium, such as RAM 604 or data storage device 605
(e.g., hard disk, floppy disk, etc.).

Thus, a method for remote computer systems management through an 
FTP Internet connection is disclosed. The foregoing descriptions of specific 
embodiments of the present invention have been presented for purposes of 
illustration and description. They are not intended to be exhaustive or to limit 
the invention to the precise forms disclosed, and obviously many modifications 
and variations are possible in light of the above teaching. The embodiments 
were chosen and described in order to best explain the principles of the invention 
and its practical application, to thereby enable others skilled in the art to best 
utilize the invention and various embodiments with various modifications as are 
suited to the particular use contemplated. It is intended that the scope of the 
invention be defined by the Claims appended hereto and their equivalents. 